+1 vote
by (8.4k points)

Trying to connect to gmx.net mail servers (e.g. smpt.gmx.net, port 587, with TLS/SSL explicit security) on Windows Mobile 5.0/6.0 device or emulator, I keep getting the "Connection was closed by the remote connection end." TlsException. How can I fix it? Connecting under normal .NET works.

Here is my code:

Smtp smtp = new Smtp();
smtp.Connect("smtp.gmx.net", 587, SslMode.Explicit);

// etc

Rebex.Net.TlsException: Connection was closed by the remote connection end.
at Rebex.Net.GJB.GE()
at Rebex.Net.TlsSocket.Negotiate()
at Rebex.Net.ISB.YB(TlsParameters AB)
at Rebex.Net.Smtp.AN(TlsParameters AB)
at Rebex.Net.Smtp.SM(String AB, Int32 BB, TlsParameters CB, SmtpSecurity DB)
at Rebex.Net.Smtp.RM(String AB, Int32 BB, TlsParameters CB, SmtpSecurity DB)
at Rebex.Net.Smtp.Connect(String serverName, Int32 serverPort, SslMode security)

Applies to: Rebex Secure Mail

1 Answer

0 votes
by (58.9k points)
selected by
Best answer

Some of our customers already experienced this problem with Rebex SMTP client on .NET CF connecting to gmx.net mail servers.

It is actually the Diffie-Hellmann group exchange algorithm which takes around 12 seconds to initialize during the TLS negotiation on the .NET CF platform.

The gmx mail servers seem to have a rather short timeout of 10 seconds which results in the server closing the connection and the error being raised eventually.

Luckily, there is a simple workaround which will make the TLS connection to the “smtp.gmx.net” SMTP server work on the .NET CF platform as well. The trick is to explicitly enable only the RSA algorithms (meaning that the Diffie-Hellman will not be used and thus you will get rid of the slowdown which causes the server to close the connection). Here is the code snippet:

Smtp smtp = new Smtp();

smtp.Settings.SslAllowedSuites =  
TlsCipherSuite.RSA_WITH_AES_128_CBC_SHA |

smtp.Connect("smtp.gmx.net", 587, SslMode.Explicit);

// etc


Just to make it clear it is the .NET CF native API which Rebex uses internally that takes so long to initialize so we have limited control over it. There might be WIndowsCE or Windows Mobile devices with a hardware powerful enough to compute the Diffie-Hellman key-exchange on time even with gmx.net mail servers.